Litigation strategy and similar-case retrieval (诉讼策略与类案检索, by 得理科技 / DeliLegal)

Security checks across malware telemetry and agentic risk

Overview

This legal-research skill is purpose-aligned, but it sends sensitive legal queries and an API key to an external API while disabling normal HTTPS certificate checks.

Review carefully before installing. Use only if you are comfortable sending legal search terms or case summaries to DeliLegal, avoid client-identifying or privileged details where possible, and fix the disabled TLS verification before routine use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Severity: High
Confidence: 99%
Finding
The code explicitly disables both TLS hostname verification and certificate validation before making an authenticated HTTPS request. This allows a man-in-the-middle attacker to intercept or tamper with legal search responses and potentially capture the Bearer API key, undermining both confidentiality and integrity.
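The weak configuration this finding describes, next to its corrected form, plus a small source check that flags the idioms which switch verification off. This is an added example, not the skill's own code or any DeliLegal code: the `SAMPLE_SKILL_SNIPPET` is a constructed stand-in for the pattern, and `API_URL`, `API_KEY` and the optional `cafile` argument are placeholders.

```python
import re
import ssl
from typing import Optional

# Constructed stand-in for the idiom the finding describes (not the skill's
# actual source): hostname check and certificate validation switched off
# before an authenticated request. API_URL and API_KEY are placeholders.
SAMPLE_SKILL_SNIPPET = """\
import ssl, urllib.request
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
req = urllib.request.Request(API_URL, headers={"Authorization": f"Bearer {API_KEY}"})
resp = urllib.request.urlopen(req, context=ctx)
"""


def insecure_context() -> ssl.SSLContext:
    """Reproduces the weak configuration: any certificate, for any hostname."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE     # the chain is never validated
    return ctx


def hardened_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Corrected configuration: validate the chain against the system trust
    store (or an explicit CA bundle, an assumed option for deployments that
    pin the API's issuer) and require the certificate to match the hostname."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_verifying(ctx: ssl.SSLContext) -> bool:
    """True only when both checks an active attacker would have to defeat are on."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


# Idioms that disable verification in the Python HTTP stacks a skill is
# likely to use (ssl, urllib, requests, httpx).
DISABLE_PATTERNS = [
    re.compile(r"check_hostname\s*=\s*False"),
    re.compile(r"verify_mode\s*=\s*ssl\.CERT_NONE"),
    re.compile(r"\bverify\s*=\s*False"),          # requests / httpx keyword
    re.compile(r"_create_unverified_context"),
]


def find_tls_disables(source: str) -> list:
    """Return (line_number, line) for every line that turns verification off."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if any(p.search(line) for p in DISABLE_PATTERNS):
            hits.append((lineno, line.strip()))
    return hits


if __name__ == "__main__":
    for lineno, line in find_tls_disables(SAMPLE_SKILL_SNIPPET):
        print(f"line {lineno}: {line}")
    print("insecure context verifying?", context_is_verifying(insecure_context()))
    print("hardened context verifying?", context_is_verifying(hardened_context()))
```

Note that `check_hostname` must be cleared before `verify_mode` can be set to `CERT_NONE`, which is why the two assignments always appear together in the weak form; a review that greps for either line catches both. Passing a `cafile` is optional: with the system trust store alone the request already refuses a certificate that does not chain to a trusted root or does not name the API host, which is what defeats the endpoint impersonation and token capture the finding describes.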

Vague Triggers

Severity: Medium
Confidence: 78%
Finding
The trigger phrases are broad and overlap with ordinary conversation, for example '案件分析' (case analysis) or '庭前准备' (pre-trial preparation), with no exclusion criteria or confirmation step. This can cause the skill to activate unexpectedly in unrelated contexts and begin processing or sending sensitive legal narratives to external tools without sufficiently clear user intent.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill is designed to transmit potentially highly sensitive case materials, evidence summaries, and dispute facts to a third-party legal platform, but it does not provide a prominent privacy warning, data-minimization guidance, or user consent checkpoint. In a litigation context, this is particularly risky because disclosures may include personal data, trade secrets, privileged strategy, or other confidential matter that should not be sent externally by default.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
The script sends potentially sensitive case descriptions to a third-party legal API together with an authorization credential, but it also disables TLS certificate and hostname verification. That combination creates real confidentiality and integrity risk: private legal facts could be exposed to the service or intercepted via man-in-the-middle attacks, and responses could be tampered with.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
API requests are sent with certificate and hostname checks disabled and no warning to the user, so secure transport is only superficial. In this skill, the request includes a Bearer credential and returns legal research content; an active network attacker could impersonate the API endpoint, steal the token, or inject manipulated legal materials into the report workflow.

VirusTotal

VirusTotal findings are pending for this skill version.
